Questions for the 312-40 were updated on : Dec 01 ,2025
TechGloWorld is an IT company that develops cybersecurity software and applications for various
customers across the globe. Owing to the cost-effective security and storage services provided by
AWS. TechGloWorld has adopted AWS cloud-based services. A new employee, named Tom Harrison,
has joined TechGloWorld as a cloud security engineer. The team leader of cloud security engineers
would like to add an 1AM user named Tom to the 1AM group named Admins. Which of the following
commands should be used by the TechGloWorld security team leader?
C
Explanation:
The AWS CLI command to add a user to a group follows this syntax:
aws iam add-user-to-group --user-name <UserName> --group-name <GroupName>
The correct command with proper syntax for adding the user "Tom" to the group "Admins" is:
aws iam add-user-to-group --user-name Tom --group-name Admins
Options A, B, and D contain incorrect syntax or misspellings.
For securing data, an AWS customer created a key in the Alabama region to encrypt their data in the
California region. Two users were added to the key along with an external AWS account. When the
AWS customer attempted to encrypt an S3 object, they observed that the key is not listed. What is
the reason behind this?
B
Explanation:
AWS Key Management Service (KMS) keys are region-specific. An encryption key created in one
region (e.g., Alabama) cannot be used to encrypt data in another region (e.g., California).
When attempting to encrypt an S3 object, the KMS key must reside in the same region as the S3
bucket. This is a limitation designed to ensure data locality and security.
Dave Allen works as a cloud security engineer in an IT company located in Baltimore, Maryland. His
organization uses cloud-based services; it also uses the Network Watcher regional service to monitor
and diagnose problems at the network level. It contains network diagnostic and visualization tools
that help in understanding, diagnosing, and obtaining visibility into the network in a cloud
environment. This service helped Dave in detecting network vulnerabilities, monitoring network
performance, and ensuring secure cloud operations. Which of the following cloud service providers
offers the Network Watcher service?
B
Explanation:
Azure Network Watcher is a regional service provided by Microsoft Azure that offers network
monitoring, diagnostic, and visualization tools. It helps in detecting network vulnerabilities,
monitoring network performance, and ensuring secure operations in a cloud environment.
Other cloud providers such as Google Cloud, IBM, and AWS have their own network monitoring
tools, but Network Watcher is specific to Azure.
An Azure subscription owner, Arial Solutions, gets notified by Microsoft (by default} when a high-
severity alert (email notification) is triggered. The cloud security engineer would like to send these
security alerts to a specific Individual or anyone with particular Azure roles for a subscription, and
modify the severity levels for which alerts are sent. How con the cloud security engineer configure
these alerts?
D
CyTech Private Ltd. is an IT company located in Jacksonville. Florid
a. The organization would like to eliminate a single point of failure: therefore. In 2017. the
organization adopted a cloud computing service model in which the cloud service provider
completely handles the failover. CyTech Private Ltd. added automated failover capabilities to its
cloud environment and it has boon testing the functionality to ensure that it is working efficiently. In
which of the following cloud computing service models, failover is completely handled by the cloud
service provider?
C
Jimmi Simpson has been working as a cloud security engineer in an IT company situated in Uvoni
a. Michigan. His organization uses Microsoft Azure's cloud-based services. Jimml wants a cloud-
based, scalable SIEM and SOAP solution that uses threat intelligence and provides intelligent security
analytics across his organization. Which of the following Microsoft Azure services provides of single
solution for threat visibility, alert detection, threat response, and proactive hunting that reduces the
number of attacks, provides a birds-eye view across the organization, generates high volumes of
alerts, and ensures long resolution time frames?
C
Ocular Private Ltd. is an IT company that develops software related to graphic design. The
organization has been using Google cloud services. Margot Robbie has been working as a cloud
security engineer in Ocular Private Ltd. over the past three years. She uses the CCP Cloud Operations
Suite (formerly Stack Driver} logging and monitoring tool to monitor and debug CCP hosted
applications. Margot would like to monitor a compute engine instance with cloud monitoring;
therefore, she created a compute engine instance, then she installed the cloud monitoring agent.
Which of the following command can Margot use to start the cloud monitoring agent?
B
Richard Branson works as a senior cloud security engineer in a multinational company. Richard wants
to see the actions performed on AWS resources, the services accessed, users who made requests,
and the users or services that performed an action on an AWS service. Which of the following AWS
services will provide a log of all system and user actions that affect AWS resources within Richard's
organizational AWS account?
D
Alex Hales works as a cloud security specialist in an IT company. He wants to make his organization's
business faster and more efficient by implementing Security Assertion Mark-up Language (SAML)
that will enable employees to securely access multiple cations with a single set of credentials. What
is SAML?
C
Rachael Taylor works as a cloud security engineer in CyTech Private Ltd whose previous cloud service
provider used to levy high charges for resource utilization. Rachael would like to check resource
utilization to Identify resources that are not in use. but the cloud service provider did not have the
provision that allows cloud consumers to view resource utilization. Because AWS provides various
cloud-based services, including resource utilization and a secure environment to cloud consumers,
her organization adopted AWS cloud-based services. Rachael would like to view operational
performance, resource utilization, and overall demand patterns, including metrics such as disk reads
and writes, CPU utilization, and network traffic. Which of the following AWS services fulfills Racheal’s
requirements?
A
SeaCloud Soft Pvt. Ltd. is an IT company that develops software and applications related to the
healthcare industry. To safeguard the data and applications against The organization did not trust the
cloud service attackers, the organization adopted cloud computing. provider; therefore, it
Implemented an encryption technique that secures data during communication and storage.
SeaCloud Soft Pvt. Ltd. performed computation on the encrypted data and then sent the data to the
cloud service provider. Based on the given information, which of the following encryption techniques
was implemented by SeaCloud Soft Pvt. Ltd.?
B
Richard Harris works as a senior cloud security engineer in a multinational company. His organization
uses Microsoft Azure cloud-based services. Richard would like to manage, control, and monitor the
access to important resources in his organization. Which service in Azure AD can enable Richard to
manage, control, and monitor the access to resources in Azure. Azure AD. and other Microsoft online
services such as Microsoft Intune or Microsoft 365?
A
Two cloud security engineers, Lin and Messy, observed unexpected changes such as slower response
time in the behavior of the Azure storage services used by applications. They need to study the
tables, queues, and blob logs and identify the root cause of the slow response to remediate the
issue. How can both Lin and Messy ensure the operational security of Azure operational?
D
Lexie Roth works as a cloud security engineer in an IT company located in Boston, Massachusetts.
Her organization generates a huge amount of dat
a. To increase the storage size, speed, and fault tolerance, Lexie would like to configure and create a
RAID. Therefore, she created a RAID on windows Server 2016, which includes block level striping
with a distributed parity. The parity information is distributed among all drives. except one. The data
chunks in the RAID are larger than the regular I/O size, but they can be re-sized. To prevent data loss
after a drive fails, data are calculated from the distributed parity. The RAID configured by Lexie
requires at least three disks, but for robust performance, Lexie used seven disks. Based on the given
information, which of the following RAID was configured and created by Lexie?
B
Ryan has worked as a senior cloud security engineer over the past five years in an IT company. His
organization uses Google cloud-based services because it provides live migration of VM. improved
performance, robust security, better pricing compared to competitors. Ryan is using Cloud Endpoints
to protect and manage APIs. Using Cloud Endpoints, ho is controlling access to APIs and validating
every call with web tokens and Google API keys. Which of the following web tokens can validate
every call in Cloud Endpoints?
B